1 views collected around this technical thread.
The article explains the fundamentals of the browser's same‑origin policy, the security risks it mitigates, how Cross‑Origin Resource Sharing (CORS) works—including simple and preflight requests—and best practices for handling credentials and header restrictions.
This article explains the same‑origin policy, its role in protecting browsers from XSS, CSRF and other attacks, illustrates how origins are defined with protocol, host and port, and details how CORS, simple requests and preflight requests enable controlled cross‑origin communication.
This article explains the browser's Same‑Origin Policy, its role in preventing XSS, CSRF and other attacks, and details how Cross‑Origin Resource Sharing (CORS) works, including simple requests, preflight requests, credential handling, and provides a complete request flow diagram.
This article explains the same‑origin policy, its role in browser security, how CORS enables controlled cross‑origin requests, the distinction between simple and preflight requests, credential handling, and best practices for configuring related HTTP headers.
This article explains the same‑origin policy, its role in restricting DOM, data, and network access, introduces Cross‑Origin Resource Sharing (CORS) with simple and preflight requests, and outlines how servers should configure headers to safely enable cross‑origin communication.
Cross-Origin Resource Sharing (CORS) extends the Same-Origin Policy by permitting controlled cross‑origin requests through simple and preflight flows, using specific headers and credential rules, thereby balancing web security against threats like XSS, CSRF, and injection attacks while enabling safe resource sharing.
This article explains the same‑origin policy, its role in protecting web applications, how browsers enforce it through DOM, web‑data, and network restrictions, and how Cross‑Origin Resource Sharing (CORS) and preflight requests enable controlled cross‑origin communication while maintaining security.
This article explains the fundamentals of the browser Same‑Origin Policy, the security risks it mitigates, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑domain communication while protecting user data.
This article explains the concept of cross‑origin requests, the same‑origin policy that restricts them, and presents three practical frontend solutions—JSONP, a server‑side proxy using Nest.js, and Webpack dev‑server proxy configuration—along with code examples and security considerations.
This article explains the browser's Same-Origin Policy, its impact on DOM, data, and network access, and how Cross-Origin Resource Sharing (CORS) and preflight requests enable controlled cross-origin communication while preserving security.
This article explains the browser's Same‑Origin Policy, its restrictions on DOM, data and network access, and how Cross‑Origin Resource Sharing (CORS) with simple and preflight requests enables controlled cross‑origin communication while mitigating security risks.
This article explains how to combine reflected and stored cross‑site scripting attacks with same‑origin policy abuse to turn a low‑severity XSS vulnerability into a high‑severity issue, detailing discovery, exploitation steps, and a JavaScript payload that harvests user data.
This article explains the CORS standard, how browsers enforce same‑origin policy, the definitions of simple and preflight requests, required HTTP headers, credential handling, and typical configuration mistakes that cause CORS errors, illustrated with code examples and tables.
This article explains what cross‑origin (CORS) is, how the browser's same‑origin policy restricts scripts, lists allowed tags, describes common cross‑origin scenarios, and provides practical PHP header code, proxy techniques, and Nginx reverse‑proxy configurations to resolve CORS issues.
This article explains the fundamentals of Cross‑Origin Resource Sharing (CORS) and the Same‑Origin Policy, illustrates common misconfigurations and attack scenarios such as origin reflection, null origin whitelisting, and TLS downgrade, and provides best‑practice mitigation techniques for secure web development.
This article explains the Same-Origin Policy, its security purpose and restrictions, introduces CORS as a solution for cross‑origin AJAX requests, and provides three practical ways—annotation, filter, and WebMvcConfigurerAdapter—to enable CORS in a Spring Boot application.
The article explains how the 58 Group’s cloud account platform consolidates multiple account systems and provides a unified SDK, detailing cross‑domain challenges, same‑origin policy, and practical solutions such as JSONP, iframe proxies, independent domains, 302 redirects, and CORS to ensure secure, efficient login integration across web, app, and PC clients.